1. Technical Field
The present disclosure relates generally to database systems and more particularly to operations on database queries in database systems.
2. Description of Related Art
In database operations it is often desirable to use prepared statements that parameterize query search terms in order to avoid the cost of repeatedly parsing, compiling and optimizing the same queries during the course of normal operations. (Stephen Thomas, Laurie Williams, and Tao Xie, “On automated prepared statement generation to remove SQL injection vulnerabilities,” Information and Software Technology, Volume 51, Issue 3, March 2009; Prithvi Bisht, A. Prasad Sistla, and V. N. Venkatakrishnan, “Automatically Preparing Safe SQL Queries,” 14th Financial Cryptography and Data Security Conference (FC'2010), Canary Islands, Spain, January 2010.) Additionally, in many operational settings, queries developed in one database query language must later be applied in another database query language. However, when translating prepared statements from a first database query language to a second database query language, both accuracy and security must be taken into account. Current approaches for generating prepared statements may require user interaction to ensure accuracy and maintain security.
Thus, there is a need for improved systems and methods for generating prepared statements that parameterize query search terms.